An Improved Composite Hypothesis Test for Markov Models with Applications in Network Anomaly Detection

Zhang, Jing; Paschalidis, Ioannis Ch.

Download/View

1509.01706v2.pdf (681.2Kb) First author draft

License

Date Issued

2015-12

Publisher Version

10.1109/CDC.2015.7402811

Author(s)

Zhang, Jing

Paschalidis, Ioannis Ch.

Export Citation

Download to BibTex

Download to EndNote/RefMan (RIS)

Metadata

Show full item record

Permanent Link

https://hdl.handle.net/2144/18021

Citation (published version)

Jing Zhang, I Ch Paschalidis. 2015. "An Improved Composite Hypothesis Test for Markov Models with Applications in Network Anomaly Detection." Proceedings of the 54th IEEE Conference on Decision and Control, pp. 3810 - 3815.

Abstract

Recent work has proposed the use of a composite hypothesis Hoeffding test for statistical anomaly detection. Setting an appropriate threshold for the test given a desired false alarm probability involves approximating the false alarm probability. To that end, a large deviations asymptotic is typically used which, however, often results in an inaccurate setting of the threshold, especially for relatively small sample sizes. This, in turn, results in an anomaly detection test that does not control well for false alarms. In this paper, we develop a tighter approximation using the Central Limit Theorem (CLT) under Markovian assumptions. We apply our result to a network anomaly detection application and demonstrate its advantages over earlier work.

Rights

Attribution 4.0 International

Collections

BU Open Access Articles [1369]